Hacker Hammond's laptop protected by pet password

Former LulzSec member Jeremy Hammond - once the FBI's most wanted and charged with hacking security firm Stratfor - seems to have failed to prevent police accessing his laptop due to a poor password. During a police raid in March 2012 he raced through a friend's Chicago home to shut and lock his laptop. But the effort …

  1. Mark 85
    FAIL

    What an idiot.

    Not that I have any sympathy but one would think that if one wanted the title of "hacker" (in the current usage not the traditional) one would go for a tough password in case they were caught. But then again, those who do things like breaking and entering (physical property or computers) aren't always the brightest bulbs in the chandelier, are they?

    1. Turtle

      @Mark 85

      The problem is very simple. Security is inconvenient, and the more secure, the more inconvenient.

      Of course, there's also the fact that people who are willing to run the risk of criminal activity usually feel pretty invulnerable to begin with - or else they wouldn't run the risk in the first place. And a sense of invulnerability does not lead one to tolerate the inconvenience associated with good security.

      1. Captain Scarlet

        Re: @Mark 85

        Yep for me my simple password to logon will do me as there are tools which can easily reset it anyway (I'm a Windows User). Anything which I feel I don't want accessible I'll attempt to keep separate, encrypted and password protected with a strong string.

  2. dan1980

    The question I keep asking myself whenever I see stories about LulzSec and, specifically, this 'hack', is: "what came of any of it?"

    There was important information that came from this, whatever the motives or methods, but has anything substantial actually happened?

    All we really got was a suggestion that some of the data may have been fabricated, either by Stratfor as disinformation or by LulzSec and other information might be taken 'out of context'.

    1. Anonymous Coward

      More than 30 countries were hacked in 2012 - by (an informant under control of) “the FBI”

      In US Court proceedings it has become clear that the FBI has been directing Cybersecurity attacks. We know that the NSA have been doing this via the Snowden allegations, but for this FBI-led attack - we know this not via ‘allegations’ but through (sealed & censored) US court documents which have now been reverse-engineered.

      According to Court documents the FBI asked Hector Xavier Monsegur (with a pseudonym of Sabu) on June 8, 2011 to persuade hacker colleagues in the ‘Anonymous-style’ “LulzSec” community to attack internet targets. (The Economist referred to Sabu as one of LulzSec's six core members and their “most expert” hacker.) The FBI provided him the list of countries & facilities to attack.

      from http://www.dailydot.com/politics/fbi-hammond-sabu-hack-country-list/

      More than 30 countries were hacked in 2012 - by (an informant under control of) “the FBI”

      A Federal Bureau of Investigation (FBI) informant targeted more than two dozen countries in a series of high-profile cyberattacks in 2012. The names of many of those countries have remained secret, under seal by a court order—until now.

      Brazil,

      Netherlands, (EU, NATO)

      Belgium, (EU, NATO)

      United Kingdom, (EU, NATO, 5-EYES)

      Australia, (5-EYES)

      Papua New Guinea,

      Republic of Maldives,

      Philippines,

      Laos,

      Libya,

      Turkey, (NATO)

      Sudan,

      India,

      Malaysia,

      South Africa,

      Yemen,

      Iraq,

      Saudi Arabia,

      Trinidad and Tobago,

      Lebanon,

      Kuwait,

      Albania,

      Bosnia and Herzegovina,

      Argentina

      including national government sites in

      Libya,

      Yemen,

      Sudan,

      Philippines,

      Iran,

      United Kingdom (EU, NATO, 5-EYES)

      Nigeria,

      Republic of Maldives,

      Paraguay,

      Saint Lucia,

      Puerto Rico.

      Iran,

      Greece, (EU, NATO)

      Slovenia, (EU)

      United States, (NATO, 5-EYES)

      This list targeted databases containing the login credentials, financial details, and private emails of foreign citizens, and in some cases government agents. This data was exfiltrated by hackers tasked by Monsegur to do as much damage as possible. After they stole the data, it was routinely uploaded, at Monsegur’s instruction, to a server under the FBI’s control, according to court statements. [My speculation is that the NSA will have then further exploited these databases & compromised systems, under cover of Anonymous/LulzSec]

      Monsegur played a crucial role in staging high-profile (False-Flag) cyberattacks against FBI security contractor ManTech, and the Texas intelligence firm Stratfor, [in which my personal details were leaked!] The FBI attempted to use Monsegur to entrap Nadim Kobeissi, author of the secure communication software Cryptocat, but without success, but Monsegur continued working online for the FBI until March 6, 2012 when he was arrested, with 2 British & 2 Irish citizens.

      The court-case where Monsegur was prosecuted & sentenced to 1 year suspended sentence (including 7 months pre-trial detention) claimed that he was successful as an FBI informant to protect the USA from over 300 cybersecurity attacks between 2011 to 2014, including NASA, dot MIL & media companies. The court mentioned that he had made some attacks but the list of countries/targets was censored and sealed, until DailyDot analysed them.

  3. jake Silver badge

    "small but talented LulzSec"

    Assumes facts not in evidence.

    Not hackers. Crackers, at best. And rather inept ones, at that.

  4. Jim 59

    Good Grief

    Even my Register forum password is better than that.

    1. Jim 59
      Joke

      Re: Good Grief

      Oh no it isn't!

    2. DaLo

      Re: Good Grief

      It doesn't matter how strong your Register password is - even if it's 200 random characters long, it's as unsafe as everyone else's until the web techs running this site work out how to implement SSL and Situation Publishing can afford the $150 for an SSL certificate.

      1. Jon Egerton

        Re: Good Grief

        It's pretty shameful alright. Rather undermines the site's credibility when laughing at other sites' security provisions.

        Would be lovely if they'd fix the Android App so that it didn't randomize the story you select as well.

        1. FartingHippo
          FAIL

          Re: Good Grief

          Maybe, but are you really using the same password to shout "Apple is better than Android" (or vice-versa) as to access PayPal?

          If so, you're a moron, and it would be pretty pathetic to blame El Reg when some villain pays for a truckload of ebay tat using your credentials.

          1. Anonymous Coward

            Re: Good Grief

            "but are you really using the same password..."

            What are you talking about, have you posted on the wrong thread?

      2. Mark 65

        Re: Good Grief

        Given the lack of SSL you don't think that El Reg is run by a TLA do you? Gathering up all these anarchic rants and snippets of dissent? Oh the irony if it were.

  5. Anonymous Coward

    Password fail?

    I know it's a laughable password, but I think it's really only a minor failure for a hacker. The major fail was that he exposed himself enough for the police to identify him and physically get their hands on his laptop.

    1. Anonymous Coward

      Re: Password fail?

      It's quite hard to not expose yourself when one of your gang has turned police informant.

      1. Tom 38

        Re: Password fail?

        It's quite hard to not expose yourself when one of your gang has turned police informant.

        This is why hanging out in a "gang" of hackers is a bad idea; eventually someone gets caught and throws everyone else under the bus.

        1. Trigonoceps occipitalis

          Re: Password fail?

          We must, indeed, all hang together or, most assuredly, we shall all hang separately.

          Benjamin Franklin

          In this case it would appear to be one at a time, except the first.

      2. Anonymous Coward

        @AC - police informant

        I had thought of that, but my point still stands - trust in others created a weakness that he didn't realise or take seriously enough. So still a fail.

  6. Anonymous Coward

    Not much of a deal was it?

    "Hammond [...] was sentenced to the maximum 10 years prison under his guilty plea deal"

    I'm not all that familiar with the US legal system, but this implies that he did a deal and pleaded guilty, which is usually done in exchange for a lighter sentence.

    So how come he got the maximum stretch? What would they have done if he pleaded not guilty, sentence him to more than the maximum?

    1. Old Handle

      Re: Not much of a deal was it?

      Presumably they were threatening him with a dozen more charges for a total of 7854 years or something of the sort. That's their usual tactic.

  7. Anonymous Coward

    1, 2, 3, 4

    The shield code is 1, 2, 3, 4

    That's the same code I have on my luggage

    (Mel Brooks, Spaceballs)

    1. Anonymous Coward
      Joke

      Re: 1, 2, 3, 4

      You must have a censored copy.

    2. Turtle

      Re: 1, 2, 3, 4

      "The shield code is 1, 2, 3, 4. That's the same code I have on my luggage"

      I actually laughed when I read this.

      Thanks!

      : )

  8. Stevie

    Bah!

    Indeed, it was stupid to pick part of the password to match the name of his cat.

    But how did the FBI hacker get the "CHEWY" part?

    That is the clever bit.
